In Linux when I use SSH I usually pass the host and port and username on the command line and then type the password when prompted. (In those rare cases I don't use certificates to log in without a password.) In Windows, PuTTY makes you pick a host and port and then prompts you for the username AND password.
This leads to unpleasant results. I'm so conditioned to open SSH and type my password at the prompt and hit Enter that I often end up typing my password as my username in PuTTY. Bad.
I use a computer far too often to have time too read every prompt, which leads to bad things. Anyone who's used to flying around an interface at light-speed by instinct and repeated learned behavior has experienced this kind of thing I'm sure.
This is horrendously bad because these programs often log the usernames of login attempts in plaintext in logs that lots of potentially evil people have the ability to read. The logs don't usually log the passwords of login attempts, but if you type a password AS a username, oops, you're screwed. Thankfully I'm root on most or all of the machines I ever SSH to, and I can go into /var/log and erase my mistake from the logs before anyone can see. But that doesn't help for web pages I don't know. And I wonder how often this kind of thing happens to other people. I wonder how many people who aren't familiar with computers accidentally send their password as their username to a bunch of websites.
After all the effort we go to to try to secure computer applications, these kinds of stupid human factors can still so easily ruin everything.